<?php
    include_once "config/config.php"; session_start(); if (isset($_REQUEST['_SESSION'])) die("Get lost Muppet!");

    $vardas = mysql_real_escape_string($_POST['login_vardas']);
    $kodas = mysql_real_escape_string($_POST['login_kodas']);
    
        
    if ($vardas != '' && $kodas != '') {
        $result = mysql_query("SELECT id, Password FROM vartotojai WHERE LoginName='".md5($vardas)."'");
        $db_kodas = mysql_fetch_array($result);
       
        if ($db_kodas) {
            if ($db_kodas['Password'] == md5($kodas.'_zemuogiu_sode')) {
               
                $roles = mysql_query("SELECT RoleId FROM vartotojai INNER JOIN vartotojuroles ON
                            vartotojai.id = vartotojuroles.VartotojaiId INNER JOIN roles ON roles.id=vartotojuroles.RoleId
                            WHERE vartotojai.id='".$db_kodas['id']."'");
                $role = mysql_fetch_array($roles);
                
                $_SESSION['stalas'] = $db_kodas['id'];
                $_SESSION['metras'] = $role['RoleId'];

                header('location: userpage.php');
            }
            else {
                header('Location: index.php?error=1');
            }

        }
        else{ header('Location: index.php?error=1'); }
    }    
    else{
        header('Location: index.php?error=1');
    }
?>
